Files Date: 2007-07-17

iDEFENSE Security Advisory 2007-07-16.2
Posted Jul 17, 2007
Authored by iDefense Labs, David Maciejak | Site idefense.com

iDefense Security Advisory 07.16.07 - Remote exploitation of an authorization bypass vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to log in to the management console and alter application settings. The OfficeScan installation includes a web management console that allows administrators to configure the application and the Antivirus clients it manages. The web interface login is handled by cgiChkMasterPwd.exe, which is passed a hash and an encrypted version of the password generated by an ActiveX control on the login page. If cgiChkMasterPwd.exe is sent an empty encryption string and an empty hash, it proceeds to issue the client a valid session ID, which can then be used to access the web management console. iDefense has confirmed the existence of this vulnerability in OfficeScan for Windows 7.3 with all current patches applied. Previous versions may also be affected.

tags | advisory, remote, web, activex, bypass
systems | windows, 7
advisories | CVE-2007-3455
MD5 | 9feb23e6fea2157756924c3bbe576752
iDEFENSE Security Advisory 2007-07-16.1
Posted Jul 17, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.16.07 - Remote exploitation of a stack-based buffer overflow vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to execute arbitrary code with the privileges of the IIS Web User. The OfficeScan installation includes a series of CGI executables that are used for configuration through the Web interface. A shared library, CGIOCommon.dll, is used by many of these binaries to access environment variables passed to them from the parent IIS process. If a malicious Web request is made for a vulnerable binary, including an overly long session cookie, a stack-based Unicode buffer overflow will occur. iDefense has confirmed this vulnerability in OfficeScan 7.3 with all current patches applied. Testing has shown that this attack can be conducted by requesting multiple CGI binaries that make use of the shared library. Other versions are suspected to be vulnerable.

tags | advisory, remote, web, overflow, arbitrary, cgi
systems | windows
advisories | CVE-2007-3454
MD5 | 690a05b37c2cbeba9b270c6c3cc72693
husrevforum-xss.txt
Posted Jul 17, 2007
Authored by GeFORC3

husrevforum version 1.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 50966e858c7ba6ff951aca721ea572ae
husrevforum-sql.txt
Posted Jul 17, 2007
Authored by GeFORC3

husrevforum version 1.0.1 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | a240ae69197c6c980eb994557aac8c04
aspziy-xss.txt
Posted Jul 17, 2007
Authored by GeFORC3

ASP Ziyareti Defteri version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss, asp
MD5 | bc197f832c78403927fd37f56dc4fa72
yim81-overflow.txt
Posted Jul 17, 2007
Authored by Rajesh Sethumadhavan | Site xdisclose.com

The Address Book functionality in Yahoo Messenger version 8.1 suffers from a buffer overflow.

tags | advisory, overflow
MD5 | a65c668dc3ddc48046b247da815a08c7
SQLPowerInjectorSourceCodev1.2.rar
Posted Jul 17, 2007
Authored by Francois Larouche | Site sqlinjector.com

SQL Power Injector is a graphical application created in C# .Net 1.1 that helps the penetration tester to inject SQL commands on a web page. Its main strength is its capacity to automate tedious blind SQL injection with several threads. Released under the Clarified Artistic License.

tags | tool, web, scanner, sql injection
systems | unix
MD5 | 58abb0581d20fdfdb496ddf0e66eb0ca
exlibris-xss.txt
Posted Jul 17, 2007
Authored by Matthew Cook | Site escarpment.net

Multiple versions of the ExLibris Aleph and Metalib products are vulnerable to simple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 0c219ccffc36d17ffe623b2a33f23ccc
HP Security Bulletin 2007-14.35
Posted Jul 17, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Serviceguard for Linux. The vulnerability could be exploited to allow local unauthorized access or to increase privilege.

tags | advisory, local
systems | linux
MD5 | d92949bba66c79c4205e176e791036a1
webcit-multi.txt
Posted Jul 17, 2007
Authored by Christopher Schwardt

WebCit versions below 7.11 suffer from session riding and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | e57b0c351ffeef0b0c3c40e9cee6ae6e
TISA2007-06-Public.txt
Posted Jul 17, 2007
Authored by Maldin d.o.o | Site teamintell.com

Element CMS suffers from a script insertion vulnerability.

tags | exploit
MD5 | 37bb8dbfd26a997990e91efc7e2733c2
opera-redirect.txt
Posted Jul 17, 2007
Authored by Robert Swiecki | Site alt.swiecki.net

Opera / Konqueror suffers from an arbitrary redirection vulnerability. It appears that Opera 9.21 and Konqueror 3.5.7 are susceptible.

tags | advisory, arbitrary
MD5 | df62c3606813ff0419901df0c1610fe1
ie-entrap.txt
Posted Jul 17, 2007
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

It appears that Microsoft Internet Explorer suffers from a browser entrapment vulnerability in document.open() calls.

tags | advisory
MD5 | a8e4a0a8e6bbda99cf4f77e69923c24c
Clam AntiVirus Toolkit 0.91.1
Posted Jul 17, 2007
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Fixed a memory leak amongst other things.
tags | virus
systems | unix
MD5 | 60152bf1e24b3fbdf0473794199e5215
07162007-flash_flv_9.0.45.0_exp.zip
Posted Jul 17, 2007
Authored by yunshu | Site ph4nt0m.org

Flash Player/Plugin video file parsing remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
MD5 | 00c683fd3f49ce3f6e2b42379c07ed80
trafficstats-sql.txt
Posted Jul 17, 2007
Authored by t0pp8uzz, xprog

Traffic Stats suffers from a remote SQL injection vulnerability in referralUrl.php.

tags | exploit, remote, php, sql injection
MD5 | c6c0b15c2296f1f107a385058a0b08b8
pafiledb-sql.txt
Posted Jul 17, 2007
Authored by pUm, h4si

paFileDB version 3.6 suffers from a remote SQL injection vulnerability in search.php.

tags | exploit, remote, php, sql injection
MD5 | 91126ab470556aef1998f8a5021bc703
prozilla-sql.txt
Posted Jul 17, 2007
Authored by t0pp8uzz, xprog

Prozilla suffers from a SQL injection vulnerability in directory.php.

tags | exploit, php, sql injection
MD5 | 37dbb3c8a38631e95ff2bd8254c24a15
realtor-sql.txt
Posted Jul 17, 2007
Authored by t0pp8uzz, xprog

Realtor 747 suffers from a SQL injection vulnerability in index.php.

tags | exploit, php, sql injection
MD5 | bedd5da29694a914a214c0dc5cd3560c
azdg-rfi.txt
Posted Jul 17, 2007
Authored by ThE dE@Th

AzDG Dating Gold version 3.0.5 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
MD5 | 95081a1ed6646553dc74f0a0f7990392
Secunia Security Advisory 25718
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Parvez Anwar has discovered two vulnerabilities in InterActual Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
MD5 | 4234a11805a0f3cc4d0e4bdf2a75d11c
Secunia Security Advisory 25739
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in CinePlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 02acd1ff7cd199b141ed42267dd054d0
Secunia Security Advisory 25979
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Alex Hernandez has reported some vulnerabilities in Proventia GX5108 and GX5008, which potentially can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

tags | advisory, vulnerability, xss
MD5 | b339b564df0fd3dd2a7d1efa6fbc9573
Secunia Security Advisory 26005
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Daniel Weber has reported a vulnerability in eSoft InstaGate, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 2ca5455f165d7eeed10cfcbcc83b8faf
Secunia Security Advisory 26012
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libnet-dns-perl. This fixes two vulnerabilities, which can be exploited to poison the DNS cache or to cause a DoS (Denial of Service).

tags | advisory, denial of service, perl, vulnerability
systems | linux, ubuntu
MD5 | 233bde8a7a1ba29c157bc5452077d230
© 2019 Packet Storm. All rights reserved.
